ok, this may seem a little strange but.... I know that many phones come with linux embedded on them, but I'm wordering: What's the best "phone" for basic pentesting? (i.e. To take someone who thinks they're secure and demonstrate just how far someone could go with just a phone.) ...Something that can run nix or nix app's like netcat/nmap/metasploit/etc.... While I know the iPhone already does all of this, and I have one (....don't ask) I'm just wondering where should I start looking? I won't be planning to switch until this fall (damn contracts) and I'm still very far away from getting to the pentesting career of my dreams (or even an IT job for that matter) but I'm working on it. And with that in mind, I'd like to choose my next phone basic on such so this does not become an issue at that time. (also something that supports Devorak would be great!...but I know I'll never see that lol). Thanx for any input or just general discussion about this.

Also while I'm here, I'd like to thank everyone would responded to my last post (I know I'm over doing it a little) but I just can't thank everyone enough for their help. For many of years now I felt like I was all alone in my quest to my career. (It's hard to find other's who want to be a "hacker" but a good guy. ....usually if you mention the word you're out casted! ...while I'm sure some of you know what I'm talking about so I'm not going to ramble anymore then this....

Well if I recall, any non-propreitary phone will work well for you. In my opinion, VoIP phones are like printers, you can run all kinds of goodies on it and use it to pivot on to more machines in the network. Though that is not all you can do with VoIP phones. You can use unencrypted RTP and SIP traffic to your advantage as well in many ways, such as replaying audio, recording audio and using the logons to better aid you in owning the VoIP servers for further penetration and pivoting into the network. I will give some detailed examples of this and how to do this, this evening when I have a little more time. For now I hope this helps a little.

Some attacks that could be made to the VoIP infrastructure and the phone itself depending on where you are in the network are as follows.

DNS attacks: DNS footprinting Cache poisoning Denial of Service

DHCP attack Rogue DHCP server

TFTP attacks: TFTP sniffing Uplaoding TFTP settings of your choice if credentials are default(alot of times they are the same)

HTTP Attack: There is management server interfaces over HTTP on most VoIP phones which means the management is done in the clear, so it can be altered or sniffed

SNMP Attack: Major attacks from this vector are information disclosure from sniffing and alteration. Information disclosure from user names, installed software, listening ports and running services can be sniffed off the network Alteration when the SNMP community strings have been brute forced or they are still at the default. Commonly this is the vector by which you would gain access to a phone or printer to have the ability to load programs that run in a nix environment so you can pivot and further conquer the network.

Arp Attacks are possible

As well as RTP and SIP attacks since they are generally all clear text.

If you are interested in learning more let me know and I can put up more info.

Some goof phones that I have seen that can be taken advantage of are polycom phones and packet8 phones(all the brands they use) that is what comes to mind. As far as what nix they use specifically I am not sure, but that can be found probably through a detailed manual or some furthur questioning by the actual vendor.

Last edited by doodleface on Thu Feb 12, 2009 11:03 am, edited 1 time in total.

Well thanx, But I guess I wasn't clear on what I was asking. Not a phone to penetrate, but a phone AS the PLATFORM to run the test on. Things like nmap, nc, metasploit, etc... can all be ran from my iPhone, So I'm looking to buy another phone in the upcoming months that can accomplish this. I can thinking about the HTC-1 (i think) the G1. ... But I have a lot more research to do. Anyways, I was just wondering. Any thought on this is helpful, thanx

I have an Iphone, I have it jailbroken, I have a version of unix on it so that I am able to log onto IRC servers with Bitchx. I just found out they have a working version of Linux that can be run on the iphone. Ill check it out, and let you know what I find

Got Linux on Iphone with Iboot.. Still pretty beta, almost all of the Iphone drives need to be added. For example No "iphone" key board support, all commands have to be typed in through (in my case) Mac OSX Terminal.

I got the G1 running android and have root, but I heard you can straight up install debian or gentoo or whatever flavor you like on the openmoko phone, although somehting like damn small linux would be more intelligent.

im working on getting more stuff on the android, in particular developing a an interface to tcpdump. you can get port scanners, ssh and remote vnc shells etc on android market for free.

Google used the linux kernel but its not compatible with posix in certain respects, but plenty are working on bringing it more inline with what htey THOUGHT they were getting with an open-source linux based mobile device.

i'd check out the open moko phone, or keep an hear to the android hacking world.

Since my last post I found a hack for installing debian on my G1. This does NOT replace android, nor does it make android stop working. it runs off the sdcard, so get a bigger sdcard before you install it. there is also the G1-hackers mailing list.

a friend of mine has the neo-runner with openmoko. am still really interested in that, but if you can have debian and android with an open SDK built for its gui and controls, you have a pretty sophisticated pen-testing tool.